Wednesday 7 October 2015

Is HTTP Pipelining help?

Pipelining was added to HTTP/1.1 to improve the performance on persistent connections. HTTP pipelining is a technique in which multiple HTTP requests are sent on a single TCP connection without waiting for the corresponding responses. Usually pipelining techniques improves the performance of loading html pages (When an HTML page referencing multiple image files).

Is all HTTP requests pipelined?
Non-idempotent requests can’t be pipelined. An Idempotent operation is one that has no additional effect if it is called more than once with the same input parameters.
Method
Is Idempotent
Description
GET
YES
GET is a read-only operatio. No matter how many times tou read, it has no impact on resource.
PUT
YES/NO (Depends on your implementation)
PUT is generally used for update operation. No matter how many times you called update by using same parameters, it has same effect on the resource.
POST
NO
POST is used to create new resource. If you call POST 3 times, it creates 3 resources.
DELETE
YES
DELETE is used to delete resource. It has no impact if you call multiple times.
HEAD
YES
HEAD is read-only operation. It gives response code and headers information.

Issues with Pipelining
Following draft summarizes the issues with pipelining; suggest some solutions to overcome these issues.
https://tools.ietf.org/html/draft-nottingham-http-pipeline-01

In brief following are the issues.

a. Head-of-Line Blocking
The key constraint in pipelining is that server should send responses in the same order that client send requests. This leads to the so-called head-of-line blocking problem.

Assume client opens a connection and send 3 idempotent requests R1, R2, and R3. Assume R1 takes long time to process; R2 and R3 will finish soon. Server can able to process requests R1, R2 and R3 in parallel. Requests R2 and R3 will finish soon, but server can't send the responses of R2, R3 to client, until R1 finish (Since R1 is the first request send by client). Clients who pipeline this kind of requests may face worse performance if they stack requests behind such an expensive request.

b. Balking servers
Some Server implementations can stop running pipelined requests, or close their connection when the client attempts to pipeline.

c. Pipelining can be used for evading detection by Intrusion Detection Systems.
Following reference paper explains the same.
https://www.defcon.org/images/defcon-11/dc-11-presentations/dc-11-Roelker/dc-11-roelker-paper.pdf

d. Confused Servers

Few server implementations can respond to pipelined requests in the wrong order.  Even fewer might corrupt the actual responses.


Previous                                                 Next                                                 Home
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)